Prospectus
A Correlational Study Between RFID Technology and Credit Card Fraud
By
I have began my Doctoral Study Prospectus but I need help completing it. Review the attached document in order to get a better idea about the research topic, then complete the highlighted areas:
– Background of the Problem
– Nature of the Study
– Survey Questions
– Theoretical Framework (Make sure that the chosen framework aligns with the research. In this case, establishing relationships between variables.
– Contribution to Information Technology Practice
– Implications for Social Change
Make sure that all references used are peer review and was written within the last 4 years.
Follow APA 6th edition format for citations
Abstract
The emergence of RFID-enabled credit cards technology was seen as an easier way for individuals and cooperates to transmit information in an easy and fast manner. However, although Radio Frequency Identification (RFID) technology has been proven to be unsecure, credit card companies continue to embed their credit cards with RFID chips. In this study, the specific IT problem is that some credit card companies’ security engineers lack information on the relationship that exists between the predictors of RFID readers, RFID chips and the dependent variables fraudulent credit card activities in RFID enabled credit cards.. The study applies quantitative correlation as its study design with a purpose to determine the relationship between predictors of RFID readers and the dependent variables fraudulent credit card activities in RFID enabled credit cards. By undertaking this study, we hope to provide Credit card companies’ security engineers with a resource that can be used as a basis for understanding credit card fraud and RFID technological complications
Background of the Problem
Modern credit cards are fitted with a wireless computer chip that comes with an antenna utilizing the radio frequency identification technology (RFID). The (RFID) chips and antenna role is to transmit data in encrypted format from a given credit card to a merchants’ agent chip reader (Heydt-Benjamin, Bailey, Fu, K., Juels & O’Hare, 2006). By introducing the use of RFID-enabled credit cards technology, it is easier for individuals and cooperates to transmit information in an easy and fast manner where only a cards physical proximity is required for the reader to execute a given transaction. Since the technology was invented, more business organizations have adopted it a factor that has propelled more users around the world to embrace the RFID technology. However, though many cyber security experts recommend this technology for its safety, there have been a growing number of identity theft incidences which has been raising concern on the reliability of this technology in the future given the fact that the nature of cyber crimes is becoming more sophisticated.
The main purpose of fitting RFID with chips is to prevent identity theft and counterfeiting of credit cards, passport and other forms of electronic transmission mechanisms (Heydt-Benjamin, Bailey, Fu, K., Juels & O’Hare, 2006). Traditionally, credit cards utilized a magnetic stripe that would require physical access or contact in order to retrieve information contained in a given credit card. However, the emergence of RFID-enabled credit cards ensured that through the use of small radio transponders, only a card’s physical proximity is required for the reader to execute a given transaction (Heydt-Benjamin, Bailey, Fu, K., Juels & O’Hare, 2006). However, though the intentions maybe noble, they have made users of these credit cards to other forms identify theft and counterfeiting. This is because cybercriminals are able to use specific types of scanners to steal information from user’s credit card when it is still in their pockets. Experts believe that among the reasons why cyber criminals are taking advantages of the existing flaws in the RFID technology to exploit credit card users is because some credit card companies’ security engineers lack information on the relationship that exists between the predictors of RFID readers and fraudulent credit card activities (Heydt-Benjamin, Bailey, Fu, K., Juels & O’Hare, 2006). As such by undertaking this study, the objective is that credit card companies’ security engineers can use the research as a basis for understanding credit card fraud and RFID technological complications.
Problem Statement
Fiore, De Santis, Perla, Zanetti, and Palmieri (2017) analyzed that over the last few years, the number of reported credit card fraud related incidents have grown dramatically. Creditors and consumers in the United States have lost a staggering $24.26 billion in the past 12 months due to credit card fraud (SmartMetrics, 2019). The general IT problem is that although Radio Frequency Identification (RFID) technology has been proven to be unsecure, credit card companies continue to embed their credit cards with RFID chips. The specific IT problem is that some credit card companies’ security engineers lack information on the relationship that exists between the predictors of RFID readers (RR), RFID chips (RC), and the dependent variables fraudulent credit card activities (FCCA) and RFID enabled credit cards (RECC).
Purpose Statement
The purpose of this quantitative correlational study is to determine the relationship between predictors of RFID readers (RR), RFID chips (RC), and the dependent variables fraudulent credit card activities (FCCA) and RFID enabled credit cards (RECC). The specific population is security engineers of credit card companies located in the eastern United States. The predictors are (a) RR and (b) (RC). The dependent variables are (a) FCCA and (b) RECC. An implication of my doctoral study for positive social change is that by using the findings in my study, credit card companies’ security engineers might select a different method in order to better secure consumers’ credit card information. Which in turn will reduce the number of credit card fraud related incidents.
Nature of the Study
According to different scientific research studies, fraudulent credit card activities occur in different techniques with the three most common ones being replay, eavesdropping and skimming (Heydt-Benjamin, Bailey, et al., 2006). As such, the methodology for this study focused on three fraudulent credit card activities that criminals use to breach the security of a given credit card.
To ensure that the identity of the credit cards used in this study is well protected, each card was labeled with letter A, B, C and so on. This then allows for the study to have a close look of the relationship between the credit cards and their readers in a normal set up.
Replay experiments
For this experiment, the procedure involves using a credit card emulator which will allow for broadcasting of arbitrary bytes through the ISO 14443-B transport layer. The credit card emulator is designed in such a way that RFID-enabled credit-card reader is able to transmit relies of a simulated attack that utilizing the same technicalities used by replay attackers. The hypothesis for this experiment is that commercial readers will not be able to distinguish between an emulated credit card reader from the real card, which is the common flaw utilized by attacks to gain unauthorized access to a given credit card. While this research experiments are being done in a laboratory set up which is a controlled environment, future studies should be done in a real or practical set up because it will be important to gather information from a random and more practical environment.
Eavesdropping experiments
For this part of the research, the experiment focused on attaching an oscilloscope to an antenna so as to observe the transactions between the credit-cards and their readers. The success of this experiment is anchored on the fact that important information such as the card holder’ s name and expiration dates of the card is easily accessible as it would happen in an actual attack. By undertaking this procedure, it demonstrates the vulnerability of credit cards when cryptographic protection is not used to enhance its security. The hypothesis for this experiment is that most cards will transmit their credit information in a cleartext format and only a few of them will be static which usually a preserve for transactions utilizing the wireless technology.
Skimming experiments
The final experiment of this study involves the use of a RFID-enabled credit card reader mostly used in commercial set up and the objective is to present it with the experimental cards that will be used for the experiment. By doing this, it will easier to obtain data in the magnetic stripe style used in each of the cards. Such a set up is ideal mainly because this kind of data is commonly used in commercial set up to charge specific processing networks, and it is the procedure used by most skimming attackers when they want to cover their tracks after undertaking a given financial frauds on a specific credit card. The purpose of undertaking this particular experiment is to demonstrate that in most cases RFID-enabled credit card readers fail to use secure mechanisms so as to authenticate any RFID reader before any sensitize information can be realized.
Research Question
RQ1: What is the relationship between (a) RR, (b) RC and (c) FCCA in regards to credit card fraud?
RQ2: What is the relationship between (a) RR, (b) FCCA, and (c) RECC in regards to credit card fraud?
Hypotheses
H01 There is no relationship between (a) RR, (b) RC and (c) FCCA in regards to credit card fraud.
Ha1 There is a relationship between predictors of (a) RR, (b) RC and (c) FCCA in regards to credit card fraud.
H02 There is a relationship between (a) RR, (b) FCCA, and (c) RECC in regards to credit card fraud.
Ha2 There is no relationship between (a) RR, (b) FCCA, and (c) RECC in regards to credit card fraud.
Survey Questions
For this section of this section of the research paper, the study aims to carry out a set of survey questions with experts in the field of electronic fraud with the aim of providing insights into the current scope of these kinds of attacks. Among the survey questions that will have to be answered are highlighted below.
1. With an increase number in the incidences of fraudulent credit card activities, what is the current state of awareness among consumers and companies that use RFID technology in regards to the prevailing security threats?
2. Are private organizations and business setting up enough funds to sponsor research that will lead to the addressing the growing concerns associated with security breaches with the RFID technology?
3. From the different cases of fraudulent credit card activities, do the victims have a prior understand that the information held in the RFID credit cards can be hacked?
4. From your understanding, what is the relationship between predictors of RFID readers, RFID chips and fraudulent credit card activities in RFID enabled credit cards?
Theoretical Framework
With an expected decrease in the overall technology costs, there is a general expectation that credit card issuers will be able to technology with cryptographic protocols that are more effective. According to (), the current theoretical framework suggests that RFID tags are supported by protocols that authenticate read operations such that the contents of RFID tags can easily be read by adversaries without trace. Moreover, the same theory suggests that most RFID tags employ writeable memory which makes them vulnerable to attackers because they can easily delete or end up modifying very vital information. As such, it means that the ways such an attack can be carried out is dependent on the read or write standard protection applied in a given scenario. Having an understanding of these theories is crucial for this study because it brings out a clear picture of the relationship between predictors of RFID readers, RFID chips and fraudulent credit card activities in RFID enabled credit cards.
Significance of the Study
This section will identify the significance of the study and how it can be implemented to promote positive social change in the credit card industry.
Contribution to Information Technology Practice
This research comes with many benefits to the information technology practices particular in regards to credit card security and other related technologies. At a time when personal security identification is very crucial, this study will go a long way in enlightening experts in this field as well as companies and users of credit cards on the potential dangers of and fraudulent credit card activities in RFID enabled credit cards and the measures that can be put in place to remedy these potential challenges. Moreover, Credit card companies’ security engineers can use the research as a basis for understanding credit card fraud and RFID technological complications.
Implications for Social Change
By implementing the recommendations that will come out of this research studies, it will go a long way in ensuring that individuals and companies have a more secure environment to utilize the RFID technological in various capacities of their daily lives.
References
Atinc, G., Becker, T. E., Breaugh, J. A., Carlson, K. D., Edwards, J. R., & Spector, P. E. (2016). Statistical Control in Correlational Studies: 10 Essential Recommendations for Organizational Researchers. Journal of Organizational Behavior, 37(2), 157-167. doi: 10.1002/job.2053
Beqqal, M. E., & Azizi, M. (2017). Classification of major security attacks against RFID systems. 2017 International Conference on Wireless Technologies, Embedded and Intelligent Systems (WITS). doi:10.1109/wits.2017.7934622
Fiore, U., De Santis, A., Perla, F., Zanetti, P., & Palmieri, F. (2019). Using Enervative Adversarial Networks for Improving Classification Effectiveness in Credit Card Fraud Detection. Information Sciences, 479, 448–455. Retrieved from https://doiorg.ezp.waldenulibrary.org/10.1016/j.ins.2017.12.030
Guizani, S. (2016). Relay attacks concerns in wireless ad hoc, sensors, and RFID networks. Wireless Communications and Mobile Computing, 16(11), 1431-1435. doi:10.1002/wcm.2707
Heydt-Benjamin, T. S., Bailey, D. V., Fu, K., Juels, A., & O’Hare, T. (2006). Vulnerabilities in First-Generation RFID-enabled Credit Cards. Financial Cryptography and Data Security Lecture Notes in Computer Science, 2-14. doi:10.1007/978-3-540-77366-5_2
Kaur, J., & Kehar, N. (2011). RFID enabled cards skimming. Proceedings of the International Conference on Advances in Computing and Artificial Intelligence – ACAI 11. doi:10.1145/2007052.2007083
Marshall, C., & Rossman, G. (2016). Designing Qualitative Research (6th ed.). Thousand Oaks, CA: Sage Publications, Inc.
Pandian, M. T., & Sukumar, R. (2013). RFID: An appraisal of malevolent attacks on RFID security system and its resurgence. 2013 IEEE International Conference in MOOC, Innovation and Technology in Education (MITE). doi:10.1109/mite.2013.6756297
SmartMetric, I. (2019). SmartMetric Reports Worldwide Payment Card Fraud Losses Reach a Staggering $24.26 Billion While the USA Accounts for 38.6% of Global Card Fraud Losses. Business Wire (English). Retrieved from https://ezp.waldenulibrary.org/login?url=https://search.ebscohost.com/login.aspx? direct=true&db=bwh&AN=bizwire.c87811563&site=eds-live&scope=site
Venkataramani, G., & Gopalan, S. (2007). Mobile phone based RFID architecture for secure electronic Payments using RFID credit cards. The Second International Conference on Availability, Reliability and Security (ARES07). doi:10.1109/ares.2007.105
